CVE-2026-13558

Publié : 29 juin 2026

Modifié : 29 juin 2026

Score CVSS

3.5

LOW

Description détaillée

A security flaw has been discovered in CodeAstro Complaint Management System 1.0. This issue affects some unknown processing of the file /report/addreport of the component Report Handler. Performing a manipulation of the argument Report Title results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Références et Patchs

https://codeastro.com/https://github.com/ashikmd0507/CVE/blob/main/Stored%20XSS%20in%20Report%20Title%20Field%20Allows%20Script%20Execution%20in%20Admin%20Panel/README.md https://vuldb.com/cve/CVE-2026-13558 https://vuldb.com/submit/843714 https://vuldb.com/vuln/374566 https://vuldb.com/vuln/374566/cti

Dernières Vulnérabilités

CVE-2026-57525

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

VOIR DÉTAILS

CVE-2026-57523

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

VOIR DÉTAILS

CVE-2026-57341

Unauthenticated Insecure Direct Object References (IDOR) in Colissimo Officiel : Méthodes de livraison pour WooCommerce <= 2.9.0 versions.

VOIR DÉTAILS